diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index e66adb438..6f389d57b 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm @@ -273,6 +273,7 @@ sub add_file( $$ ) { add_command $chainref, ''; while ( $line = ) { + chomp $line; add_command $chainref, $line; } diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm index 96543982a..81b5e0e45 100644 --- a/Shorewall-perl/Shorewall/Rules.pm +++ b/Shorewall-perl/Shorewall/Rules.pm @@ -491,8 +491,6 @@ sub add_common_rules() { new_standard_chain output_chain( $interface ); } - add_file $filter_table->{INPUT}, 'initdone'; - setup_blacklist; $list = find_hosts_by_option 'nosmurfs'; @@ -856,7 +854,7 @@ sub process_macro ( $$$$$$$$$$$ ) { } # -# Once a rule has been completely resolved by macro expansion, it is processed by this function. +# Once a rule has been completely resolved by macro expansion and wildcard (source and/or dest zone == 'all'), it is processed by this function. # sub process_rule1 ( $$$$$$$$$ ) { my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user ) = @_; diff --git a/Shorewall-perl/releasenotes.txt b/Shorewall-perl/releasenotes.txt index 03968e001..0128a5208 100644 --- a/Shorewall-perl/releasenotes.txt +++ b/Shorewall-perl/releasenotes.txt @@ -84,11 +84,10 @@ e) Because the compiler is now written in Perl, your compile-time f) The 'refresh' command is now synonymous with 'restart'. -g) Some run-time scripts will need to be converted to write their +g) Some run-time scripts will need to be changed to write their iptables commands to file descriptor 3 in iptables-restore format rather than running those commands. - initdone maclog Details to follow. 
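Review bot: The added `chomp $line;` strips only the record separator, so an extension script saved with CRLF line endings still carries a trailing `\r` into every add_command entry and from there into the generated iptables-restore input; `$line =~ s/\r?\n\z//;` would cover both cases. The loop condition renders here as `while ( $line = ) {`, so the read handle (presumably a `<$fh>`) appears to have been lost in this rendering, and the hunk does not show where `$line` is declared since add_file's body begins above it. Because the loop copies the file's lines into the compiled output with no filtering, a comment above it such as `# Copy the user's extension script line-for-line into the chain; nothing is validated here` would make that contract explicit for readers of add_file.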
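Review bot: The reworded comment above process_rule1 is missing a noun after "wildcard" — `and wildcard (source and/or dest zone == 'all')` leaves the reader to infer that a second expansion step is meant. Suggest `# Once a rule has been completely resolved by macro expansion and wildcard expansion (source and/or dest zone == 'all'), it is processed by this function.` The body of process_rule1 continues past the end of the hunk.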
@@ -96,8 +95,11 @@ g) Some run-time scripts will need to be converted to write their Some run-time scripts are simply eliminated because they no longer make any sense under Shorewall-perl: - continue - Under Shorewall-perl, nothing is done between - 'continue' and 'initdone' + initdone - The these two scripts assumed a model where the + continue chains were built in parallel. In the + iptables-restore model, chains are built serially + within tables and tables are build serially. + refresh - The 'refresh' command is the same as 'restart' refreshed